Weekly News Links

Firefox 18 arrives with IonMonkey-powered JavaScriptMozilla says the newly released Firefox 18 will be delivering faster JavaScript for web games and other long lived applications. This boost is thanks to the addition of the IonMonkey just-in-time compiler as a replacement for the SpiderMonkey JavaScript engine.

Firefox 19 betas arrive for the desktop and AndroidMozilla has released beta versions of Firefox 19 for the desktop and Android. The desktop version enables PDF.js, a built-in JavaScript-based PDF viewer, which brings native integration of the format to the browser and eliminates the need for plugins. The Firefox for Android beta gets additional support for the ARMv6 architecture, including phones from LG, HTC and ZTE, and also now supports themes.

Beta for Chrome on Android now availableGoogle has made a beta version of Chrome 25 for Android 4.0+ available in the Google Play store, bouncing the version number into synchronisation with the current desktop version.

Linux and Windows 8: Fast Startup puts data at riskThe new Fast Startup feature of Windows 8 puts the filesystem’s integrity at risk if other operating systems are used to write to Windows partitions. Data loss is particularly likely with dual-boot configurations that involve Linux and Windows 8.

Report: ZTE to bring Firefox OS to EuropeThe Chinese phone maker ZTE says that it is working with an unnamed European wireless carrier to bring smartphones based on Mozilla’s Firefox OS to the market this year.

Microsoft Confirms WLM – Skype Transition BugsMicrosoft has recently announced that it would discontinue Windows Live Messenger on March 15, so users have no other option that to make the move to Skype. The problem is that many of those who indeed decided to migrate to Microsoft’s VoIP platform have encountered a problem that erased most of their contacts, with no workaround to get the lost information back.

How to set up an Eject All hot key in OS XOS X requires that you manually eject all drives before disconnecting them, which can be a bit of a burden if you have multiple drives attached. Here’s a way to simplify things a little.

Apple blacklists Java on OS X to prevent latest “critical” exploitsApple has blacklisted the latest version of the Java browser plugin to protect Mac users from the latest Java exploits. As noted by MacRumors, OS X now requires a newer, as-yet unreleased version of the Java plugin which is expected to patch a flaw that resulted from an incomplete patch added to Java last year.

What You Need to Know About the Java ExploitOn Thursday, the world learned that attackers were breaking into computers using a previously undocumented security hole in Java, a program that is installed on hundreds of millions of computers worldwide. This post aims to answer some of the most frequently asked questions about the vulnerability, and to outline simple steps that users can take to protect themselves.

Extremely critical Ruby on Rails bug threatens more than 200,000 siteServers that run the framework are by default vulnerable to remote code attacks. – Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability in the Ruby on Rails framework that gives remote attackers the ability to execute malicious code on the underlying servers.

Current Foxit Reader can execute malicious codeSecurity expert Andrea Micalizzi has discovered a critical vulnerability in the current Foxit Reader’s browser plugin; according to the researcher, the hole can be exploited to inject malicious code. When a web page instructs the npFoxitReaderPlugin.dll plugin to open a PDF document from a very long URL, a buffer overflow is created on the stack.

Critical security update for MoinMoin wiki releasedThe developers of MoinMoin have closed a critical security vulnerability with the release of version 1.9.6 of their open source wiki software. A vulnerability in the twikidraw and anywikidraw components which could be exploited to execute arbitrary code has been closed. The problem affects MoinMoin 1.9.5 and earlier versions.

Critical vulnerabilities in AsteriskDigium has fixed several critical vulnerabilities which could be exploited by an attacker to inject code onto the server into its open source telephone system application Asterisk. The vulnerabilities are buffer overflows on the stack which can be exploited using the HTTP, SIP and XMPP protocols.

VLC Media Player 8 Banned on Windows 8While everyone’s waiting for the official app, a so-called VLC Media Player 8 has been approved for Windows Store, so it may trick people into believing that they’re downloading the software solution developed by VideoLAN. The app is, however, a fake, even though it promises to play “most of the latest formats of video as well as audio files.”

Another Fake VLC for Windows 8 App Available for DownloadEven though an official VLC media player for Windows 8 is yet to be released, some software developers across the world are trying to make the most of VideoLAN’s success with similar apps that copy one or more of the original features.

Lost+Found: Password klutzes, cat payloads and a lulzy-PoCToo small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been been on The H’s radar this week. In this edition: the offensive uses of plain text, proof of concepts for the lulz, 29C3 videos, payload enabled cats and Inception opens up Windows 8.

Crimeware Author Funds Exploit Buying SpreeThe author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.

GEEK TRIVIA

DID YOU KNOW?

Just like the gravitational pull of the Moon acts on the Earth (evidenced by tides and the tidal bulge), Earth’s gravity affects the Moon and causes the surface of it to bulge (lunar body tide) as it orbits the Earth.